Bug 762934 - External search does not properly escape user supplied data, resulting in vulnerability
Status: RESOLVED FIXED
Product: doxygen
Classification: Other
Component: general
Version: 1.8.10
Hardware: Other All
Importance: Normal normal
Target Milestone: ---
Assigned To: Dimitri van Heesch
QA Contact: Dimitri van Heesch
Depends on:
Blocks:
 
 
Reported: 2016-03-01 17:31 UTC by bjonkman.nrel
Modified: 2016-09-05 13:45 UTC
See Also:
GNOME target: ---
GNOME version: ---



Description bjonkman.nrel 2016-03-01 17:31:48 UTC
We used server-side searching (both SEARCHENGINE and SERVER_BASED_SEARCH are YES in the config file and EXTERNAL_SEARCH is NO), and had our cyber security guys check for vulnerabilities in the generated HTML.

The assessment showed "an injection vulnerability allowing me to exploit reflected XSS (a vulnerability that an attacker could use to launch attacks against the website, or other users), and iframe injection (a vulnerability that allows an attacker to import a website of their choice and/or under their control)."

The problem appears to be in search_opensearch.php, where the user-supplied data is not properly escaped.
Comment 1 Dimitri van Heesch 2016-03-25 18:57:49 UTC
Confirmed. Should be fixed in the next GIT update.
Comment 2 Dimitri van Heesch 2016-09-05 13:45:13 UTC
This bug was previously marked ASSIGNED, which means it should be fixed in
doxygen version 1.8.12. Please verify if this is indeed the case. Reopen the
bug if you think it is not fixed and please include any additional information 
that you think can be relevant (preferably in the form of a self-contained example).
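
The class of defect named in the description (user-supplied search input reflected into generated HTML without escaping) is illustrated below. This is an added example, not code from doxygen or from search_opensearch.php. The function names, the `query` and `page` parameters, and the `search.php` URL are hypothetical, and the probe string is constructed.

```php
<?php
// Added illustration; NOT the code of doxygen's search_opensearch.php.
// All function, parameter and file names below are hypothetical.

// Encode a value for use in HTML text or inside a quoted attribute.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Unescaped form: the request value is concatenated into markup verbatim,
// so quotes and angle brackets in it end the attribute and open new elements.
function render_unsafe(string $query): string {
    return '<input name="query" value="' . $query . '">'
         . '<p>Results for ' . $query . '</p>';
}

// Hardened form: each sink gets the encoding its context requires.
function render_safe(string $query, int $page): string {
    // URL context first (percent-encoding), then HTML attribute context.
    $next = 'search.php?query=' . rawurlencode($query) . '&page=' . ($page + 1);
    return '<input name="query" value="' . h($query) . '">'
         . '<p>Results for ' . h($query) . '</p>'
         . '<a href="' . h($next) . '">next</a>';
}

// Constructed input of the kind an assessment tool submits as a search term.
$probe = '"><iframe src="https://example.invalid/"></iframe>';

$unsafe = render_unsafe($probe);
$safe   = render_safe($probe, 1);

// Check whether a real <iframe> element survives in each rendering.
var_dump(strpos($unsafe, '<iframe') !== false);
var_dump(strpos($safe, '<iframe') !== false);

// The hardened markup carries the probe only as inert text.
echo $safe, PHP_EOL;
```

The same check (search the rendered response for the raw probe) is a quick way to verify a regenerated site after upgrading to the fixed doxygen release mentioned in Comment 2.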